[ https://issues.apache.org/jira/browse/AURORA-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bill Farner reopened AURORA-331:
--------------------------------
Reopening to set resolution field.
> tainted data isn't properly escaped in HTML templates
> -----------------------------------------------------
>
> Key: AURORA-331
> URL: https://issues.apache.org/jira/browse/AURORA-331
> Project: Aurora
> Issue Type: Story
> Components: UI
> Reporter: Jay Buffington
> Fix For: 0.5.0
>
>
> My health check failed on the slave:
> {noformat}
> $ grep urlopen __main__.log
> W0418 15:41:40.155653 15563 health_checker.py:78] Health check failure:
> Failed to signal http://localhost:31135/health: <urlopen error timed out>
> I0418 15:41:40.655600 15563 status_checker.py:116] HealthCheckerThread
> reported StatusResult('Failed health check! Failed to signal
> http://localhost:31135/health: <urlopen error timed out>', status='FAILED')
> {noformat}
> When I looked at the web interface I just saw "FAILED : Failed health check!
> Failed to signal http://localhost:31135/health:" I viewed the generated
> HTML source and saw:
> {noformat}
> - <span class='task-status' status='FAILED'>FAILED</span>
> : Failed health check! Failed to
> signal http://localhost:31135/health: <urlopen error timed out>
> {noformat}
> Looking at line 185 of
> "src/main/resources/org/apache/aurora/scheduler/http/schedulerzjob.st" of
> git commit gf85e7de I see
> {noformat}
> - <span class='task-status' status='$event.status$'>$event.status$</span>
> {noformat}
> I suspect that this is one example of many places where data needs to be
> properly escaped before being displayed to the user.
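An added example, not from the Aurora code base or the original report: a Python stand-in for the template substitution described in the issue, showing why the `<urlopen error timed out>` text disappears from the rendered page and how HTML-escaping the value restores it. The `$event.message$` placeholder and the `render` and `visible_text` helpers are hypothetical names; the sample event is constructed from the log lines quoted in the report.

```python
import html
import re
from html.parser import HTMLParser

# Template line modelled on the one quoted in the report. `$event.message$`
# is a hypothetical placeholder; the report only shows `$event.status$`.
TEMPLATE = ("<span class='task-status' status='$event.status$'>"
            "$event.status$</span> : $event.message$")

# Constructed sample event, using the message from the report's log output.
EVENT = {
    "status": "FAILED",
    "message": ("Failed health check! Failed to signal "
                "http://localhost:31135/health: <urlopen error timed out>"),
}


def render(template, event, escape):
    """Substitute $event.<field>$ placeholders, optionally HTML-escaping values."""
    def substitute(match):
        value = str(event[match.group(1)])
        # quote=True also escapes ' and ", which matters inside attribute values.
        return html.escape(value, quote=True) if escape else value
    return re.sub(r"\$event\.(\w+)\$", substitute, template)


class VisibleText(HTMLParser):
    """Collects only text nodes, i.e. what a browser would display."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def visible_text(markup):
    """Return the displayed text of an HTML fragment, with tags dropped."""
    parser = VisibleText()
    parser.feed(markup)
    parser.close()
    return "".join(parser.chunks)


if __name__ == "__main__":
    for escape in (False, True):
        label = "escaped" if escape else "raw"
        print(label, "->", visible_text(render(TEMPLATE, EVENT, escape)))
```

In the raw rendering the parser treats `<urlopen error timed out>` as an unknown element, so the displayed text stops at `/health:` exactly as the reporter saw; the escaped rendering shows the full message.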